[ https://issues.apache.org/jira/browse/PDFBOX-5709?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tilman Hausherr closed PDFBOX-5709.
-----------------------------------
    Resolution: Not A Problem

Closing this as not a problem assuming this is a user mistake per mkl comment.

> Getting document corrupted while signing hash which has DER encoded signed attributes
> -------------------------------------------------------------------------------------
>
>                 Key: PDFBOX-5709
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-5709
>             Project: PDFBox
>          Issue Type: Bug
>          Components: Signing
>            Reporter: Tanmay Sharma
>            Priority: Critical
>
> I am trying to do external signing. For that we use to calculate hash of pdf
> and get it sign using some external trust service provider. Now our use case
> is that instead of signing hash bytes we need to do signing over DER encoding
> signing attributes. But after generating signed hash and embedding it to
> document we are getting document corrupted error.
> Code of content signer is
> {code:java}
> ContentSigner contentSigner = new ContentSigner() {
>     private MessageDigest digest = MessageDigest.getInstance("SHA-256");
>     private OutputStream stream = OutputStreamFactory.createStream(digest);
>     @SneakyThrows
>     @Override
>     public byte[] getSignature() {
>         try {
>             byte[] b = new byte[4096];
>             int count;
>             while ((count = inputStream.read(b)) > 0) {
>                 digest.update(b, 0, count);
>             }
>             byte[] hashBytes = digest.digest();
>             byte[] derEncoded = getAuthenticatedAttributeSet(hashBytes, calendar).getEncoded(ASN1Encoding.DER);
>             List<String> hash = Arrays.asList(new String(org.bouncycastle.util.encoders.Base64.encode(derEncoded)));
>             byte[] signedHash = getSignedHash(hash,
>                     cscCredentialOptions.getAuthorizationContext().getAccessToken(),
>                     cscCredentialOptions.getCredentialId(),
>                     cscCredentialOptions.getCredentialAuthParameters().getPin(), signAlgo);
>             return signedHash;
>         } catch (Exception e) {
>             LOG.error(e.getMessage());
>         }
>     }
>     @Override
>     public OutputStream getOutputStream() {
>         return stream;
>     }
>     @Override
>     public AlgorithmIdentifier getAlgorithmIdentifier() {
>         return new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.840.113549.1.1.11"));
>     }
> };{code}
> {code:java}
> public DERSet getAuthenticatedAttributeSet(byte secondDigest[], Calendar signingTime) {
>     ASN1EncodableVector attribute = new ASN1EncodableVector();
>     ASN1EncodableVector v = new ASN1EncodableVector();
>     v.add(new ASN1ObjectIdentifier("1.2.840.113549.1.9.3"));
>     v.add(new DERSet(new ASN1ObjectIdentifier("1.2.840.113549.1.7.1")));
>     attribute.add(new DERSequence(v));
>     v = new ASN1EncodableVector();
>     v.add(new ASN1ObjectIdentifier("1.2.840.113549.1.9.5"));
>     v.add(new DERSet(new DERUTCTime(signingTime.getTime())));
>     attribute.add(new DERSequence(v));
>     v = new ASN1EncodableVector();
>     v.add(new ASN1ObjectIdentifier("1.2.840.113549.1.9.4"));
>     v.add(new DERSet(new DEROctetString(secondDigest)));
>     attribute.add(new DERSequence(v));
>     return new DERSet(attribute);
> }{code}
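
Added example, not part of the original message and not PDFBox or BouncyCastle code: a standard-library Python sketch of the three signed attributes named in the quoted description (contentType, signingTime, messageDigest), showing the bytes a CMS signature covers. Per RFC 5652 section 5.4 the digest is taken over the DER SET OF encoding (tag 0x31), while SignerInfo stores the same content under the IMPLICIT [0] tag (0xA0). The function names, the sample input and the timestamp are assumptions made for the example; SHA-256 matches the quoted code.

```python
import hashlib
from datetime import datetime, timezone

# OIDs used in the quoted getAuthenticatedAttributeSet(), as DER content bytes.
PKCS9 = bytes.fromhex("2a864886f70d0109")          # 1.2.840.113549.1.9
OID_CONTENT_TYPE = PKCS9 + b"\x03"                 # 1.2.840.113549.1.9.3
OID_MESSAGE_DIGEST = PKCS9 + b"\x04"               # 1.2.840.113549.1.9.4
OID_SIGNING_TIME = PKCS9 + b"\x05"                 # 1.2.840.113549.1.9.5
OID_DATA = bytes.fromhex("2a864886f70d010701")     # 1.2.840.113549.1.7.1

def tlv(tag: int, content: bytes) -> bytes:
    """DER tag-length-value with definite length (short or long form)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content

def attribute(oid: bytes, value: bytes) -> bytes:
    """Attribute ::= SEQUENCE { attrType OID, attrValues SET OF }."""
    return tlv(0x30, tlv(0x06, oid) + tlv(0x31, value))

def signed_attrs(doc_digest: bytes, when: datetime) -> bytes:
    """DER SET OF Attribute; DER requires members sorted by their encoding."""
    utc = when.astimezone(timezone.utc).strftime("%y%m%d%H%M%SZ").encode()
    members = [
        attribute(OID_CONTENT_TYPE, tlv(0x06, OID_DATA)),
        attribute(OID_SIGNING_TIME, tlv(0x17, utc)),
        attribute(OID_MESSAGE_DIGEST, tlv(0x04, doc_digest)),
    ]
    return tlv(0x31, b"".join(sorted(members)))

def digest_to_sign(attrs_set: bytes) -> bytes:
    """Hash the signature must cover: SHA-256 over the 0x31-tagged SET."""
    return hashlib.sha256(attrs_set).digest()

def as_signer_info_field(attrs_set: bytes) -> bytes:
    """Same content as stored in SignerInfo: IMPLICIT [0] swaps 0x31 for 0xA0."""
    return b"\xa0" + attrs_set[1:]

# Constructed sample input: stands in for the signed byte ranges of a PDF.
sample = b"constructed sample bytes, not a real PDF byte range"
attrs = signed_attrs(hashlib.sha256(sample).digest(),
                     datetime(2023, 11, 7, 12, 0, 0, tzinfo=timezone.utc))
print(attrs.hex())
print(digest_to_sign(attrs).hex())
```

A verifier recomputes `digest_to_sign` from the 0x31 form, so hashing the 0xA0 form, or signing attributes that differ from the ones embedded in the container, yields a signature that does not validate.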